Performing a configuration backup
Once you configure the FortiGate unit and it is working correctly, it is extremely important that you backup the configuration. In some cases, you may need to reset the FortiGate unit to factory defaults or perform a TFTP upload of the firmware, which will erase the existing configuration. In these instances, the configuration on the device will have to be recreated, unless a backup can be used to restore it.
It is also recommended that once any further changes are made that you backup the configuration immediately, to ensure you have the most current configuration available. Also, ensure you backup the configuration before upgrading the FortiGate unit’s firmware. Should anything happen during the upgrade that changes the configuration, you can easily restore the saved configuration.
Always backup the configuration and store it on the management computer or off-site. You have the option to save the configuration file to various locations including the local PC, USB key, FTP and TFTP site.The latter two are configurable through the CLI only.
If you have VDOMs, you can back up the configuration of the entire FortiGate unit or only a specific VDOM. Note that if you are using FortiManager or FortiCloud, full backups are performed and the option to backup individual VDOMs will not appear.
To back up the FortiGate configuration – web-based manager:
- Go to Dashboard.
- On the System Information widget, select Backup next to System Configuration.
- Select to backup to your Local PC or to a USB Disk.
The USB Disk option will be grayed out if no USB drive is inserted in the USB port. You can also backup to the FortiManager using the CLI.
- If VDOMs are enabled, select to backup the entire FortiGate configuration (Full Config) or only a specific VDOM configuration (VDOM Config).
- If backing up a VDOM configuration, select the VDOM name from the list.
- Select Encrypt configuration file.
Encryption must be enabled on the backup file to back up VPN certificates.
- Enter a password and enter it again to confirm it. You will need this password to restore the file.
- Select Backup.
- The web browser will prompt you for a location to save the configuration file. The configuration file will have a .conf extension.
To back up the FortiGate configuration – CLI:
execute backup config management-station <comment>
… or …
execute backup config usb <backup_filename> [<backup_password>]
… or for FTP (note that port number, username are optional depending on the FTP site)…
execute backup config ftp <backup_filename> <ftp_server> [<port>] [<user_name>] [<password>]
… or for TFTP … execute backup config tftp <backup_filename> <tftp_servers> <password>
Use the same commands to backup a VDOM configuration by first entering the commands:
config vdom edit <vdom_name>
Hi! I am trying to set up a scheduled backup for my FortiManager, but I am wondering about directory path syntax. We have a Windows file server, and FMG basically wouldn’t let me use the Windows path directory syntax as a valid directory path. I am following the below example:
config system backup all-settings
set status enable
set server 172.20.120.11
set user admin
set directory /usr/local/backup
set week_days monday
set time 13:00:00
set protocol ftp
end
.. I am just swapping out the example directory syntax with Windows syntax, e.g. z:\blabla. Is it not possible to backup the config to Windows folders? It is basically telling me I cannot use backwards slashes (“\”).
I realize this is probably a super dumb question, so apologies in advance.